Adrian 6384c7bcea | ||
---|---|---|
.gitcrypt | ||
.gitattributes | ||
README.md |
Transparent Encryption in Git
Store files encrypted, have them decrypted only in the working directory.
Simply clone this repository to create an encrypted one.
OpenSSL is needed.
Tested on Linux and Git for Windows 2.6.
Thanks to Woody Gilk's tutorial, which served as a starting point.
Installation
- Before using GitCrypt for the first time, register the filters:
      git config --global filter.gitcrypt.smudge .gitcrypt/dec
      git config --global filter.gitcrypt.clean .gitcrypt/enc
      git config --global diff.gitcrypt.textconv .gitcrypt/diff
  If this step is omitted, files are silently added unencrypted. It is not needed, however, if GitCrypt has been used before.
- Think of a repository password. It is expected either in the environment variable $GITCRYPT_PASS or in the file .git/pass (which is ignored by Git).
  Hint: You can enter the password safely by using the command:
      read -s GITCRYPT_PASS
- After that, generate a salt:
      .gitcrypt/gensalt
Usage
After installation, Git can be used as is. Any file can be replaced (including this README) and it will be stored encrypted, except:
- .gitattributes
- .gitcrypt/*
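
The Installation step warns that unregistered filters cause files to be added unencrypted without any error. As an added example (not part of GitCrypt), a pre-commit hook in POSIX sh can refuse such commits. The function names are hypothetical; the expected values are the three filter settings and the two plaintext exceptions listed above.

```shell
#!/bin/sh
# Added example, not part of GitCrypt: pre-commit guard against silent plaintext commits.
# Expected keys/values are those from the Installation step; function names are hypothetical.

# Report every filter setting that is unset or differs; return 1 if any does.
gitcrypt_check_filters() {
    rc=0
    for pair in \
        "filter.gitcrypt.smudge=.gitcrypt/dec" \
        "filter.gitcrypt.clean=.gitcrypt/enc" \
        "diff.gitcrypt.textconv=.gitcrypt/diff"
    do
        key=${pair%%=*}
        want=${pair#*=}
        have=$(git config --get "$key") || have=""
        if [ "$have" != "$want" ]; then
            echo "gitcrypt: $key is '${have:-unset}', expected '$want'" >&2
            rc=1
        fi
    done
    return $rc
}

# Print staged paths whose filter attribute is not gitcrypt (documented exceptions skipped).
gitcrypt_unfiltered_staged() {
    git diff --cached --name-only --diff-filter=ACMR |
    while IFS= read -r path; do
        case $path in
            .gitattributes|.gitcrypt/*) continue ;;
        esac
        case $(git check-attr filter -- "$path") in
            *": filter: gitcrypt") ;;
            *) printf '%s\n' "$path" ;;
        esac
    done
}

# Hook entry point: a non-zero status aborts the commit.
gitcrypt_precommit() {
    gitcrypt_check_filters || return 1
    leaked=$(gitcrypt_unfiltered_staged)
    [ -z "$leaked" ] && return 0
    echo "gitcrypt: staged without filter=gitcrypt:" >&2
    printf '%s\n' "$leaked" >&2
    return 1
}

# Run only when installed as .git/hooks/pre-commit.
if [ "${0##*/}" = pre-commit ]; then gitcrypt_precommit; fi
```

Saved as .git/hooks/pre-commit and made executable, it aborts the commit and names the missing setting or the unfiltered paths. Both checks are needed because Git passes content through unchanged when a path has filter=gitcrypt but no such filter driver is configured.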
FAQ
- Question: How can the salt or password be changed?
  Answer: Just edit .gitcrypt/salt or .gitcrypt/pass. After that, all files have to be forcibly re-added:
      rm .git/index
      git add .
  Note that changing the password is not sufficient if it has been compromised. Old versions of the files can still be decrypted, since they remain encrypted with the old password in the Git history.
- Question: Why do errors like the following occur when cloning the repository:
      error: external filter .gitcrypt/dec failed
  Answer: It seems that GitCrypt has been used previously and the filters are already registered globally. Git tries to decrypt files in this repository which are not encrypted.
  The errors can be ignored.
- Question: Why another version besides git-encrypt and git-crypt?
  Answer: First and foremost for me to learn something. But as an admirer of the KISS principle, I felt that it should be even easier and less code.